Publish Advisories
advisory-database[bot] committed Dec 28, 2024
1 parent f05cb74 commit ba4218c
Showing 6 changed files with 66 additions and 24 deletions.
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-567c-gxmx-3pq9",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-50945"
],
"details": "An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"affected": [],
"references": [
{
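Review bot: PR:N in the new vector sits awkwardly against the details, which describe "users" submitting reviews without a purchase check; if the review endpoint requires a logged-in customer account, PR:L is the correct value and the base score drops from 7.5 to 6.5. With github_reviewed still false this vector is inherited rather than assessed, so it should be confirmed at review time. Note also that `"affected": []` is untouched even though the details pin the vulnerable code to commit 230310c8d7a0408569b292c5a805c459d47a1d8f, so consumers still have nothing to match on.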
@@ -28,8 +33,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-863"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T19:15:08Z"
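Review bot: CWE-863 (Incorrect Authorization) is a loose fit; the details say the purchase check is absent altogether ("without verifying if they have purchased the product"), which is CWE-862 (Missing Authorization). The HIGH label does agree with the 7.5 vector set in this file, so only the CWE needs a second look.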
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9rf3-44g3-h94q",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-54450"
],
"details": "An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
}
],
"affected": [],
"references": [
{
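Review bot: The C:L/I:H/A:H vector (9.4) is not supported by the details: the only impact described is that a forged X-Forwarded-For value is recorded as the login IP and later shown in the My Account popup. Nothing in the text points to an availability impact, and the integrity impact is confined to one logged field, so the vector reads like a worst-case template rather than something derived from the write-up. Flag for review before this propagates as CRITICAL.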
@@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-290"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T20:15:23Z"
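Review bot: CWE-290 (Authentication Bypass by Spoofing) asserts an authentication bypass that the details never describe; what they describe is trusting a client-supplied header over the connection's real source address, which is CWE-348 (Use of Less Trusted Source). CRITICAL is arithmetically consistent with the 9.4 vector in this file, so if that vector is revised on review the label has to be recomputed with it.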
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c893-4f2j-x5ch",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-50944"
],
"details": "Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
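Review bot: The 9.8 vector (C:H/I:H/A:H with PR:N) is far stronger than the details, which only locate the bug (the quantity parameter of CartController's AddToCart) and say nothing about what the overflow lets an attacker do. An overflowed cart quantity most plausibly produces a wrong line total or a negative quantity, an integrity problem; confidentiality and availability loss need a stated mechanism. Mark for review, and consider recording the pinned commit 230310c8d7a0408569b292c5a805c459d47a1d8f in `affected`, since it is the only version information the advisory has.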
@@ -32,8 +37,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-190"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T19:15:08Z"
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-j7jv-x682-58fv",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-54452"
],
"details": "An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
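Review bot: `affected` stays `[]` although the details carry explicit version ranges ("before 7.9.0.35" and "7.10.x through 7.10.0.18"), which is precisely the data an `affected[].ranges` entry exists to hold; leaving it only in prose means automated matching cannot use it, so it is worth carrying over at review time. The vector itself (PR:H, C:H only) is consistent with "authenticated as administrators" and disclosure of configuration files including the database password.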
@@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-22"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T20:15:23Z"
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jphx-whwm-8gpv",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-53476"
],
"details": "A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"affected": [],
"references": [
{
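Review bot: PR:N contradicts the details, which say the race is won by "simultaneously submitting purchase requests from multiple accounts"; an attacker who needs accounts holds low privileges, so PR:L fits and takes the score from 5.9 to 5.3 (still Moderate). AC:H is the right call for a timing window. The commit 230310c8d7a0408569b292c5a805c459d47a1d8f pinned in the details is absent from `affected`.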
@@ -28,8 +33,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-362"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T19:15:09Z"
@@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p676-v935-rjvf",
"modified": "2024-12-27T21:30:30Z",
"modified": "2024-12-28T21:30:26Z",
"published": "2024-12-27T21:30:30Z",
"aliases": [
"CVE-2024-54451"
],
"details": "A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator).",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
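Review bot: The details make rendering of the injected htmlTitle value conditional on graphical customization having been activated by a super-administrator; AC:L is still correct under CVSS 3.1, since that is a configuration state rather than a condition the attacker must defeat, but the precondition should be kept in any summary because it narrows real exposure. PR:H/UI:R/S:C is the expected encoding for a stored XSS planted by a system administrator and rendered to every user.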
@@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T20:15:23Z"